Autodiscover mysteriously stopped working (Exchange 2010)

I had Autodiscover working for months but recently it just stopped. I’m not sure why, but it may be related to removing the last Exchange 2003 servers from service recently. Maybe some setting got wiped from AD when I uninstalled Exchange 2003 (as per the procedure Microsoft gives). Basically what was happening was that the email address field was being autopopulated by the user’s UPN rather than their email address. Since we have a single label domain, the UPN isn’t a valid email address, and autodiscovery fails.

Anyway, I ran Get-AutodiscoverVirtualDirectory and it looks like the autodiscover URL isn’t set. Pretty sure I set this at some point.

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory -server exch2010fe1  | fl InternalUrl,ExternalUrl

InternalUrl :
ExternalUrl :

[PS] C:\Windows\system32>

I just piped this to Set-AutodiscoverVirtualDirectory to correct the problem:

[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory -server exch2010fe1  | Set-AutodiscoverVirtualDirectory -ExternalUrl 'https://webmail.example.com/Autodiscover/Autodiscover.xml' -InternalUrl 'https://webmail.example.com/Autodiscover/Autodiscover.xml'
[PS] C:\Windows\system32>Get-AutodiscoverVirtualDirectory -server exch2010fe1  | fl InternalUrl,ExternalUrl


InternalUrl : https://webmail.example.com/Autodiscover/Autodiscover.xml
ExternalUrl : https://webmail.example.com/Autodiscover/Autodiscover.xml


[PS] C:\Windows\system32>

After resetting the InternalURL and ExternalURL, autodiscover works again (we have SRV records that tell Outlook to look at webmail.example.com for the Autodiscover service).

Hooray!

Microsoft Office 2007's awful user interface

Office 2007 is pretty old by now, and I know much has been written on the move from a “normal” looking app to the “Ribbon” UI. I personally hate the change and feel Microsoft just changed the UI as a way to make the application look “different” so that people will look at it and go “oooh, shiny!” and not feel as bad about being forced into another $400 upgrade of a word processor. Sure, Excel’s row limit was finally raised beyond 64k, and I’m sure there were some other tweaks, but .docx? .xlsx? Yet more file formats, ensuring most businesses will feel compelled to upgrade. If your clients are upgrading, you’re going to have to.

Anyway, that’s all well documented. What may not be is the ridiculous location of the SMTP header info in a message in Outlook. If you want to view this interserver communication, which is invaluable when debugging mail issues, you can either A) right-click the message in the inbox, or B) … Well, in Office 2003, there was a way to do this from within the open message. I didn’t think there was a way to do it from within the message in Outlook 2007, but it turns out there is. It’s just retarded:

WTF?

Dear Microsoft: please drop the “Ribbon” completely and go back to menus, or at least provide that as an option. This UI is awful.

Outlook 2007 & Exchange 2010 Autodiscover SSL certificate error annoyance

One of the more annoying side effects of migrating my mailbox to Exchange 2010 has been the nagging of Outlook 2007’s Autodiscovery feature. Now, every time I start Outlook I get hit with a certificate error for autodiscover.domain.com. Now, autodiscover.domain.com is a CNAME to mail.domain.com, which is the OWA URL for the CAS. The SSL certificate is valid – but it’s valid for mail.domain.com. I could buy an SSL certificate from GoDaddy for $12.99 (an insanely great price, btw) for “autodiscover” but that would also require using another IP address on the CAS (since you can only bind one SSL certificate to an IP:port pair), and that seems like a waste of an IP address.

I found a possible solution in KB 940726. Basically you use this cmdlet to change the Autodiscover URI for internal clients:

Set-ClientAccessServer -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

You’d replace mail.contoso.com with the external URL of your OWA server (in my case, mail.domain.com). I’ve made the changes but I think I need to wait for AD propagation. Hopefully this will resolve it, because I don’t want to move everyone’s mailboxes over until this thing is “perfect,” whatever that means.

Edit: I also needed to add a SRV record so Outlook would know what host to check for autodiscovery when outside the domain.

Edit 2: Also need to install a hotfix or be running Outlook 2007 SP1 or later for the SRV functionality.

Edit 3: It occurs to me that a simpler fix for this issue may be simply to delete the DNS record for autodiscover entirely. That way, when Outlook attempts to open the SSL connection to autodiscover.domain.com, it gets an NXDOMAIN error and (should) silently skip it. Unfortunately we have wildcard DNS active for our domain.
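The name mismatch behind that warning can be checked offline. The following is an added example, not code from the original post or from KB 940726: the function names are hypothetical, the hostnames are the ones used in the post, and the certificate name list is constructed.

```powershell
# Added example. Hostnames come from the post; the certificate name list is constructed.
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertDnsNames)
    $h = $HostName.ToLowerInvariant().TrimEnd('.')
    foreach ($name in $CertDnsNames) {
        $n = $name.ToLowerInvariant().TrimEnd('.')
        if ($n -eq $h) { return $true }
        # A wildcard covers exactly one left-most label:
        # *.domain.com matches mail.domain.com, not domain.com or a.b.domain.com.
        if ($n.StartsWith('*.')) {
            $dot = $h.IndexOf('.')
            if ($dot -gt 0 -and $h.Substring($dot) -eq $n.Substring(1)) { return $true }
        }
    }
    return $false
}

function Get-AutodiscoverCertReport {
    param([string]$SmtpDomain, [string]$SrvTarget, [string[]]$CertDnsNames)
    # Names a client outside the domain connects to over HTTPS. The client
    # validates the certificate against the name in the URL it requested; a
    # CNAME from autodiscover.domain.com to mail.domain.com does not change that.
    $steps = @(
        @{ Step = 'https://<domain>/autodiscover/autodiscover.xml';  HostName = $SmtpDomain },
        @{ Step = 'https://autodiscover.<domain>/autodiscover/...';  HostName = "autodiscover.$SmtpDomain" },
        @{ Step = 'SRV _autodiscover._tcp.<domain> target';          HostName = $SrvTarget }
    )
    foreach ($s in $steps) {
        New-Object PSObject -Property @{
            Step        = $s.Step
            HostName    = $s.HostName
            NameMatches = (Test-CertNameMatch -HostName $s.HostName -CertDnsNames $CertDnsNames)
        } | Select-Object Step, HostName, NameMatches
    }
}

# Constructed input: a certificate issued only for mail.domain.com,
# and an SRV record that points clients at mail.domain.com.
Get-AutodiscoverCertReport -SmtpDomain 'domain.com' `
                           -SrvTarget 'mail.domain.com' `
                           -CertDnsNames @('mail.domain.com') |
    Format-Table -AutoSize
```

Only the SRV target matches the certificate in this input, which is why pointing clients at mail.domain.com avoids the warning while any hostname that still resolves (including through wildcard DNS) and answers on 443 with the mail.domain.com certificate does not.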


When single-sign-on isn't.

I’m looking into training courses for Exchange 2010, and to add a course to “My Learning,” which I guess is the equivalent of a shopping cart, I had to sign in with my Live.com ID. I have a Live.com ID because you need one to see your MS licenses and download ISOs, etc. It’s not as seamless as Google’s ID but it seems to work ok most of the time. But here’s an instance where it sucks:

I’m already logged in, why do I need to input all my info again? Including my email address, which was required to login?

Exchange 2010 and Set-ActiveSyncVirtualDirectory Identity

I don’t really know why I put this blog up, but generally I write stuff here after I muddle through some ridiculous problem that may have ended up being easily resolved, but whose solution was hard to find. That’s definitely the case with this post. Currently I’m in the middle of moving my company’s email from Exchange 2003 to Exchange 2010. Microsoft has provided some pretty good documentation on how to do this, but they do assume a certain level of familiarity with the product. For example, I probably spent 30 minutes trying to run Exchange cmdlets in PowerShell before I realized there’s a special shell just for Exchange, the Exchange Management Shell.

Anyway, I’m trying to set up a Client Access Server to replace our Exchange 2003 Outlook Web Access (webmail) system. Again, Microsoft’s walkthrough is pretty good, and everything seemed to be working until I got to section 4c of their instructions:

Exchange ActiveSync: Set-ActiveSyncVirtualDirectory -Identity \Microsoft-Server-ActiveSync -ExternalURL https://mail.contoso.com

For the other examples they provided, I had been replacing with the internal name of my new CAS, “EXCH2010FE1,” so that’s what I attempted to do here as well, however it threw this error:

[PS] C:\Windows\system32>Set-ActiveSyncVirtualDirectory -Identity EXCH2010FE1\Microsoft-Server-ActiveSync -ExternalURL https://webmail.example.com
The operation couldn't be performed because object
'EXCH2010FE1\Microsoft-Server-ActiveSync' couldn't be found on 'activedir.example.com'.
    + CategoryInfo          : NotSpecified: (0:Int32) [Set-ActiveSyncVirtualDirectory], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : B33731BE,Microsoft.Exchange.Management.SystemConfigurationTasks.SetMobileSyncVirtualDirectory

[PS] C:\Windows\system32>

I racked my brain on this for a while. I discovered the Get-ActiveSyncVirtualDirectory command, hoping it would magically solve the problem (telling me what the “Identity” was), but it didn’t – at least not at first:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -server exch2010fe1

Name                                  Server      InternalUrl
----                                  ------      -----------
Microsoft-Server-ActiveSync (Default… EXCH2010FE1 https://exch2010fe1.example.com/Microsoft-Se…

[PS] C:\Windows\system32>

It was showing me the server, but not the Identity, which is what I wanted. Having never used PowerShell before, I figured there had to be a way to get that property out of the command, but I had no idea what it was. Some more Googling finally helped me resolve it:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -server exch2010fe1 | Select-Object Identity

Identity
--------
EXCH2010FE1\Microsoft-Server-ActiveSync (Default Web Site)

[PS] C:\Windows\system32>

Once I supplied “EXCH2010FE1\Microsoft-Server-ActiveSync (Default Web Site)” for the Identity parameter the command completed correctly. I also tried piping the Get-ActiveSyncVirtualDirectory command directly to Set-ActiveSyncVirtualDirectory, like this:

[PS] C:\Windows\system32>Get-ActiveSyncVirtualDirectory -Server exch2010fe1 | Set-ActiveSyncVirtualDirectory -ExternalURL https://webmail.example.com

This appeared to execute successfully, but I don’t know if it actually did what I intended, so I stuck with specifying the identity manually.

The Exchange 2010 CAS is properly redirecting users to legacy.example.com, but ActiveSync isn’t working (I’m testing with my iPhone), so I guess the problem I was having above wasn’t the source of all my ills, sadly. The battle continues…